Path: utzoo!utgpu!attcan!lsuc!atha!decwrl!mogul
From: mogul@decwrl.dec.com (Jeffrey Mogul)
Newsgroups: comp.unix.ultrix
Subject: Re: UNOFFICIAL SECURITY NOTIFICATION
Message-ID: <209@jove.dec.com>
Date: 21 Oct 89 00:19:14 GMT
References: <2780@decuac.DEC.COM> <2781@decuac.DEC.COM>
Organization: DEC Western Research
Lines: 18

In article <2781@decuac.DEC.COM> avolio@decuac.DEC.COM (Frederick M. Avolio) writes:
>More unofficial suggested steps (these from a CERT Advisory):
>
> 7) Disable or modify the tftpd program so that anonymous access to
>    the file system is prevented.

Note that people who are using the Ultrix 3.0 (or later) version of
"tftpd" should be able to use the "-r" (restricted root) flag to
limit access to a subtree of the file system. This is essentially
the same mechanism as is supported by the ftpd server to limit
anonymous ftp access.

Unfortunately, I believe that some people didn't receive a properly
updated manual page for tftpd; the syntax to use in /etc/inetd.conf is:

    tftp dgram udp nowait /usr/etc/tftpd tftpd -r /local/bootfiles

for example (you can see that we only use TFTP for bootloading).

-Jeff
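
An added example, not part of the original post and not DEC's code: a shell audit that reports whether each tftp entry in an inetd.conf-style file carries the "-r" restricted root described above. It assumes the field layout of the line quoted in the post (service, socket type, protocol, wait, server path, then argv); the function names and the treatment of "-r /" as unrestricted are assumptions of this example.

```shell
#!/bin/sh
# Audit tftp entries in an inetd.conf-style file for the "-r" restricted root.
# Assumed field layout (from the line quoted in the post):
#   service socket proto wait server-path argv0 [args...]

audit_tftp() {
    # Reads the file(s) named as arguments, or stdin when none are given.
    # Prints one finding per active tftp entry.
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments (disabled entries) and blanks
        $1 != "tftp"          { next }   # only the tftp service is audited
        {
            root = ""; seen = 0
            # field 6 is argv0 ("tftpd"); options start at field 7
            for (i = 7; i <= NF; i++) {
                if ($i == "-r") { seen = 1; if (i < NF) root = $(i + 1); break }
            }
            if (!seen)               status = "UNRESTRICTED no -r flag"
            else if (root == "")     status = "INVALID -r without a directory"
            else if (root !~ /^\//)  status = "INVALID -r path not absolute: " root
            else if (root ~ /^\/+$/) status = "UNRESTRICTED -r points at /"
            else                     status = "OK restricted to " root
            printf "line %d: %s\n", NR, status
        }
    ' "$@"
}

# Constructed sample input, not taken from a real system.
sample_conf() {
    cat <<'EOF'
# constructed inetd.conf sample
ftp   stream tcp nowait /usr/etc/ftpd  ftpd
tftp  dgram  udp nowait /usr/etc/tftpd tftpd
tftp  dgram  udp nowait /usr/etc/tftpd tftpd -r /local/bootfiles
tftp  dgram  udp nowait /usr/etc/tftpd tftpd -r /
EOF
}

sample_conf | audit_tftp
```

Run it against a real file with `audit_tftp /etc/inetd.conf`; any line not reported as OK still exposes more than a boot-file subtree.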